That attack was first thought to have been orchestrated using China's "Great Firewall," a sophisticated ring of networking equipment and filtering software used by the government to exert strict control over Internet access in the country. The firewall is used to block sites like Facebook and Twitter as well as several media outlets.

However, while the Great Cannon infrastructure is co-located with the Great Firewall, it is a separate, offensive system, with different capabilities and design, said researchers at the University of California, Berkeley, and the University of Toronto on Friday.

The Great Cannon is not simply an extension of the Great Firewall, but rather a distinct tool that hijacks traffic to individual IP addresses, and can arbitrarily replace unencrypted content by sitting between the Web server and end user -- a method known as a man-in-the-middle attack. The system is used to manipulate the traffic of systems outside of China, silently programming browsers to create a massive DDoS attack, the researchers said.

The attack method deployed against Github injected malicious Javascript into browsers connecting to the Chinese search engine Baidu. When the Great Cannon sees a request for certain Javascript files on one of Baidu's infrastructure servers that host commonly used analytics, social, or advertising scripts, it appears to take one of two actions. It either passes the request to Baidu's servers, which has happened over 98 percent of the time, or it drops the request before it reaches Baidu and instead sends a malicious script back to the requesting user, which has happened about 1.75 percent of the time, the report said.

In the latter case, the requesting user would be an individual outside China browsing a website making use of a Baidu infrastructure server, such as sites with ads served by Baidu's ad network. In the DDos attack against GitHub, the malicious script was used to enlist the requesting user as an unwitting participant, the report said.

The Berkeley and Toronto researchers confirmed the suspicions about the origin of the attack, saying they believe there is compelling evidence that the Chinese government operates the cannon. They tested two international Internet links into China belonging to two different Chinese ISPs, and found that in both cases the Great Cannon was co-located with the Great Firewall. This strongly suggests a government actor, they said.

While DDoS attacks are quite crude, the Great Cannon can also be used in more sophisticated ways. A technically simple configuration change, switching the system to operating on traffic from a specific IP address rather than to a specific address, would allow Beijing to deliver malware to any computer outside of China that communicates with any Chinese server not employing cryptographic protections, they said.

A similar system used by the U.S. National Security Agency (NSA) and the U.K's GCHQ intelligence services to deliver exploits is called QUANTUM, the researchers said.

"The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users," the researchers said, adding that the findings emphasize the urgency of replacing legacy Web protocols, like HTTP, with their cryptographically strong versions, like HTTPS.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

ARN Distributor Directory

ARN Vendor Directory

Slideshows

​Inside the new HP Customer Welcome Centre in Sydney…

HP unveiled its new Customer Welcome Centre (CWC) in Sydney this week, following on more than a year after the vendor opened the doors of its Experience Centre in Melbourne (MEC). The new space offers on-site HP technicians and visiting channel partners the ability to reconfigure equipment and put together tailored solutions based on the needs of individual end clients or target vertical markets. The centre can also be booked by customers and partners for meetings, events, workshops, seminars, and training. Photos by HP.

Zscaler Australia toasts the channel at Xmas drinks

Zscaler recently hosted its partner update and Christmas drinks event in Australia where more than 20 partners attended the event at the QT hotel in the Sydney. The event provided a forum for the company to update its Australian partners on the company's strategy for cloud security in the year ahead. It was also a great opportunity for the company to introduce Sean Kopelke as country manager for A/NZ. The event ended with Christmas drinks and a celebration of momentum gained in 2016.

IN PICTURES: ​Nutanix X Tours

Nutanix recently held two ‘X Tours’, which brought the company’s flagship event .NEXT to Brisbane and Melbourne. Customers and partners got a firsthand look at the new era of IT and exposure to the potential of the Nutanix Enterprise Cloud platform. Both events featured key speakers both from Nutanix and its partners.

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.